Geoffrey_Cleaves (posted July 24, 2020): Hi. How could I create a WireGuard tunnel which will only allow peers to browse the Internet using my home IP address? I want to block complete access to my LAN and Unraid box. I tried using the community VPN Manager interface with the firewall option to deny to my local LAN and tunnel IP address, but the peers can still access my Unraid server's file shares and HTTP management site. Any tips? Thanks!
bonienl (posted July 24, 2020): A WireGuard tunnel terminates on your Unraid server; you cannot deny peer access to your server unless you use a different device (router) to terminate the WG tunnel. The WG configuration has a limited firewall function to allow or deny access to other devices in your network. A simple solution would be to define your local network, e.g. 192.168.1.0/24, and deny access.
Geoffrey_Cleaves (author, posted July 27, 2020, edited July 27, 2020): I would expect that by adding a combination of firewall rules it would be possible to prevent access to any services on the Unraid host and only allow forwarding to the Internet.
bonienl (posted July 27, 2020): The WG tunnel terminates internally to the system and bypasses the firewall (iptables) function.
Ruato (posted July 4, 2022), quoting bonienl (7/27/2020 at 11:41 AM): "The WG tunnel terminates internally to the system and bypasses the firewall (iptables) function."
Is this still the status? That is, is there no way to restrict the WireGuard clients' access to Unraid server services / dockers via iptables? Additionally, are you aware of any plans to enhance the Unraid WireGuard firewall functionalities? Thank you!